[wp-trac] [WordPress Trac] #64457: Early filter invalid hosts in wp_http_validate_url
WordPress Trac
noreply at wordpress.org
Thu Jan 1 22:09:16 UTC 2026
#64457: Early filter invalid hosts in wp_http_validate_url
-------------------------+-----------------------------
Reporter: SirLouen | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: HTTP API | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: performance
-------------------------+-----------------------------
Comment (by peterwilsoncc):
Story time...
In the lead up to and during the early days of the Iraq war in the early
2000's, Salam Pax blogged anonymously about the goings on in Iraq.
Selected entries from his blog were subsequently released in a book titled
he Baghdad Blog.
The blog, which is still available online, was hosted on Blogger at
[https://dear_raed.blogspot.com/ dear_raed.blogspot.com]. The domain
resolved at the time and continues
[https://dnschecker.org/#A/dear_raed.blogspot.com to resolve now].
Arguably, Blogger should never have allowed sub-domains with underscores
to be used but they did. I assume the case is true for other services as
well.
My point is that the practical often differs from the theoretical, as is
the case for DNS resolution. In its current form `wp_http_validate_url()`
handles sub-domains with underscores and that will need to be the case in
the future.
Testing the current pull request with the domain used by Salam Pax shows a
change in behaviour that will need to be accounted for:
{{{
vagrant at wp-dev:/vagrant/wordpress-develop$ git checkout trunk
Switched to branch 'trunk'
Your branch is up to date with 'origin/trunk'.
vagrant at wp-dev:/vagrant/wordpress-develop$ wp eval "var_dump(
wp_http_validate_url( 'https://dear_raed.blogspot.com/' ) );"
eval()'d code:1:
string(31) "https://dear_raed.blogspot.com/"
vagrant at wp-dev:/vagrant/wordpress-develop$ git checkout 64457-early-
filter-invalid-hosts
Switched to branch '64457-early-filter-invalid-hosts'
vagrant at wp-dev:/vagrant/wordpress-develop$ wp eval "var_dump(
wp_http_validate_url( 'https://dear_raed.blogspot.com/' ) );"
eval()'d code:1:
bool(false)
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64457#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list